IBM Security Guardium


Data Mismatch Between Guardium CM\Agg. and Collectors

  • 1.  Data Mismatch Between Guardium CM\Agg. and Collectors

    Posted Wed March 30, 2022 06:35 AM

    Hello Seniors, Greetings!!

    We have one scenario/issue wherein we see less data on the CM\Agg. than on the collectors. We have two collectors which are capturing traffic from database hosts, and we have scheduled export from the Colls. to the CM\Agg. (the CM\Agg. is the same) and import scheduled on the CM\Agg. However, if I run, let's say, the "ABC" report on this CM\Agg., I am getting fewer rows (data) than on the collectors.

    I mean, I am running the same report on both the collectors and downloading the reports. Then I am running the same report on the CM\Agg., but it has fewer rows (data).

    Also, please note that the purge period and import/export are configured properly. Also, I am fetching the data within the import/export/purge period configuration.

    Can someone please suggest what to do about this? Thanks in advance.




  • 2.  RE: Data Mismatch Between Guardium CM\Agg. and Collectors

    Posted Mon April 04, 2022 09:55 AM
    Hi Akashkumar, 
    Are you running the report with a relative time period (NOW -1 DAY to NOW)? 
    In this case, the CM/AGG will only show you data which was exported from the previous day by the collectors, while the collectors will show you data from both the previous and current day. If you run the report with the specific time period (2022-04-03 00:00:00 to 2022-04-04 00:00:00), you should get the same amount of raw data. If the latter is the case and you get more data from the collectors when you run a specific time period, that does sound strange.

    ------------------------------
    Olufemi Adalemo
    ------------------------------



  • 3.  RE: Data Mismatch Between Guardium CM\Agg. and Collectors

    Posted Mon April 04, 2022 10:00 AM

    Hello Olufemi, Hope all is well.

     

    Thanks for your response. Yes, I am running the reports within the import/export timeframe (I mean the past days' data - purge period is 1 month), not running the real-time/relative query. Let me know if you have a suggestion for me. Thanks.

     

     

    Akashkumar Parmar